CVSS: 5.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3818
https://notcve.org/view.php?id=CVE-2022-3818
09 Nov 2022 — An uncontrolled resource consumption issue when parsing URLs in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to cause performance issues and potentially a denial of service on the GitLab instance. Un problema de consumo de recursos no controlado al analizar URL en GitLab CE/EE que afecta a todas las versiones anteriores a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite que un atacante cause problemas de rendimiento y p... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3818.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3706
https://notcve.org/view.php?id=CVE-2022-3706
09 Nov 2022 — Improper authorization in GitLab CE/EE affecting all versions from 7.14 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows a user retrying a job in a downstream pipeline to take ownership of the retried jobs in the upstream pipeline even if the user doesn't have access to that project. La autorización inadecuada en GitLab CE/EE que afecta a todas las versiones desde 7.14 anterior a 15.3.5, 15.4 anterior a 15.4.4 y 15.5 anterior a 15.5.2 permite a un usuario reintentar un trabajo en una c... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3706.json •
CVSS: 7.3EPSS: 51%CPEs: 6EXPL: 0CVE-2022-3265
https://notcve.org/view.php?id=CVE-2022-3265
09 Nov 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se descubrió un problema de Cross-Site Scripting (XSS) en GitLab CE/EE que afecta a todas las versiones anteriores a 15.3.5, 15.4 anteriores a 15.4.4 y 15.5 ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3265.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.4EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3486
https://notcve.org/view.php?id=CVE-2022-3486
09 Nov 2022 — An open redirect vulnerability in GitLab EE/CE affecting all versions from 9.3 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allows an attacker to redirect users to an arbitrary location if they trust the URL. Una vulnerabilidad de redireccionamiento abierto en GitLab EE/CE que afecta a todas las versiones desde la 9.3 anterior a la 15.3.5, la 15.4 anterior a la 15.4.4 y la 15.5 anterior a la 15.5.2, permite a un atacante redirigir a los usuarios a una ubicación arbitraria si confían en l... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3486.json • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3018
https://notcve.org/view.php?id=CVE-2022-3018
28 Oct 2022 — An information disclosure vulnerability in GitLab CE/EE affecting all versions starting from 9.3 before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 allows a project maintainer to access the DataDog integration API key from webhook logs. Una vulnerabilidad de divulgación de información en GitLab CE/EE que afecta a todas las versiones desde 9.3 anteriores a 15.2.5, todas las versiones desde 15.3 anteriores a 15.3.4, todas las versiones desde 15.4 anteri... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3018.json • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 6.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2592
https://notcve.org/view.php?id=CVE-2022-2592
17 Oct 2022 — A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service. Una falta de comprobación de la longitud en las descripciones de Snippet en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 anteriores ... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2592.json • CWE-1284: Improper Validation of Specified Quantity in Input •
CVSS: 8.5EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2428
https://notcve.org/view.php?id=CVE-2022-2428
17 Oct 2022 — A crafted tag in the Jupyter Notebook viewer in GitLab EE/CE affecting all versions before 15.1.6, 15.2 to 15.2.4, and 15.3 to 15.3.2 allows an attacker to issue arbitrary HTTP requests Una etiqueta diseñada en Jupyter Notebook viewer in GitLab EE/CE que afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4, y 15.3 a 15.3.2 permite a un atacante emitir peticiones HTTP arbitrarias • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2428.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2022-2931
https://notcve.org/view.php?id=CVE-2022-2931
17 Oct 2022 — A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage. Se ha detectado una posible vulnerabilidad de DOS en GitLab CE/EE afectando todas las versiones anteriores a 15.1.6, todas las versiones a partir de 15.2 anteriores a 15.2.4 y a todas las versiones a partir de 15.3 anterio... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2931.json • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.3EPSS: 0%CPEs: 5EXPL: 0CVE-2022-2865
https://notcve.org/view.php?id=CVE-2022-2865
17 Oct 2022 — A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.1.6, 15.2 to 15.2.4 and 15.3 prior to 15.3.2. It was possible to exploit a vulnerability in setting the labels colour feature which could lead to a stored XSS that allowed attackers to perform arbitrary actions on behalf of victims at client side. Se ha detectado un problema de tipo cross-site scripting en GitLab CE/EE afectando a todas las versiones anteriores a 15.1.6, 15.2 a 15.2.4 y 15.3 anteriores a 15.3.2... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2865.json • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0CVE-2022-3030
https://notcve.org/view.php?id=CVE-2022-3030
17 Oct 2022 — An improper access control issue in GitLab CE/EE affecting all versions starting before 15.1.6, all versions from 15.2 before 15.2.4, all versions from 15.3 before 15.3.2 allows disclosure of pipeline status to unauthorized users. Un problema de control de acceso inapropiado en GitLab CE/EE afectando a todas las versiones a partir de 15.1.6, a todas las versiones a partir de 15.2 anteriores a 15.2.4, a todas las versiones a partir de 15.3 anteriores a 15.3.2 permite revelar el estado de las tuberías a usuar... • https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3030.json •